Under copyright and trade secrets laws as such laws apply to source code, if a person without permission copies the source code or misappropriates a trade secret contained within the code (such as know-how), that person is liable to the owner of the copyrighted code or the trade secret embodied within that code.
For purposes of proving such a claim of copyright or trade secret misappropriation, it is not necessary to prove that actual copying occurred. It is sufficient to show that (1) the accused party had access to the code, and (2) the accused party's code is substantially similar to the claimant's code. Thus, for an independent software developer, accessing competitive or substantially similar code is fraught with legal risks, especially in the situation in which the company is developing software with the same or similar functionality as that which exists in competitive products or existing third party code that the company has already licensed. In order to avoid claims of breach of such terms or claims of infringement, it may be advisable to establish "clean room" software development policies.
The purpose of such policies is to create an environment in which the company’s personnel can develop competitive software in a manner that insulates the company from copyright infringement or trade secret misappropriation claims by third party licensors of functionally similar software. Clean room engineering attempts to defeat the “proof of access” element of such claims. Independent development of code, even if that code happens to be substantially similar, is a complete defense to a copyright infringement claim, and would refute a misappropriation of trade secrets claim as well.
Clean room engineers should obviously at all times avoid direct examination of the original corresponding third party code. Functionality should be designed only by using specifications or tests derived from the third party code being emulated. If it is necessary to internally develop these specifications and/or tests, then such materials may be developed by a separate group within the company that is physically and electronically isolated from the clean room group. This group is known as the "dirty room" group. When it is determined that the specification from which the clean room engineers are working is insufficient to produce the degree of compatibility desired, the only recourse is to search for additional documentation or to write additional tests.
For example, looking at the individual instructions that make up a computer program, even if only to determine specifications that aren't publicly available, is an example of dirty room reverse engineering. Dirty room reverse engineering done by the same engineers who create clean room code runs the obvious risk of deliberate or accidental copyright or trade secret violations. To avoid this risk, dirty room reverse engineering should be done in conjunction with clean room development by using two physically and electronically isolated teams where one team does dirty room reverse engineering and the other does clean room development. If a dirty room team exists, the clean room engineers can write a description of the portion of the specification that needs elaboration or clarification. The dirty room engineers then use that request to create additional functional specifications or tests. These functional specifications or tests should not reveal in any manner the way in which the emulated software was written.
The viability of a clean room defense was put to the test in the case of Nordstrom Consulting, Inc. v. M&S Technologies, Inc. (N.D. Ill. 2008). In this case, the plaintiff (NCI) accused the defendant (M&S) of developing an unauthorized and infringing derivative work of software NCI had licensed to M&S. M&S sought to avoid infringement liability via the use of documented clean room procedures.
In actuality, M&S used what is more accurately referred to as “dirty room” reverse engineering described above, as the court explained in the court’s written opinion:
"Defendants claim that M&S hired independent developers to create a new software program … shortly after [NCI] sent an email … stating [the] intention to renegotiate or terminate [the] relationship with M&S. Defendants claimed to have used a “clean room” procedure to develop the new software. “Clean room” procedure attempts to avoid violations of the copyright laws by using two separate teams of developers to create a competing product. The first team describes the functional aspects of a product to the second team; the second team then uses those descriptions to write the code for the competing product. … If Defendants did indeed follow clean room procedures, the Plaintiffs would be unable to make the necessary showing that Defendants had access to the copyrighted work."
Defendant M&S was successful in this defense despite that one of the engineers in the functional specification team actually (a) sent snippets of code or “pseudo code” to the clean room engineering team – code that was “used to help the developers understand what the new system needed to do”; and (b) offered “suggestions to difficulties encountered by the independent programmers in writing the new code. “ The court ruled that NCI failed to prove that this assistance or pseudo code was in any way identical or substantially similar to plaintiff’s copyrighted code.
A final note: clean room or dirty room procedures do nothing to minimize the threat of patent infringement claims; successful assertion of such claims does not depend on proof of copying or access. Independent worldwide patent searches should be conducted in the applicable fields in order to assess the scope of possible patents and to design around such patents if possible. Also, clean room procedures or reverse engineering could be subject to contractual restrictions in the applicable license agreements covering the third party code being emulated. Such terms should be analyzed prior to any clean room development.
23 October 2008
Jacobsen v. Katzer: A Significant Victory for Open Source
Open source licenses rely on enforcement of certain obligations intended to further the ideals of the free software movement. The more significant of these obligations include preservation of copyright notices and developer attribution, to preserve the pride of authorship that motivates the open source developer community, and, most importantly, mandating that any modifications, improvements or derivative works of the open source software be made available under the same terms as the original license under which the software is licensed. The latter is oftentimes referred to as the "copyleft" obligation, in that the proprietary rights of copyright law, traditionally employed to restrict use, are instead used as a means of enforcing the liberalization ideals of the free software movement. The General Public License (GPL), the most popular open source license in use today, contains such an obligation. The GPL permits anyone to modify GPL-licensed code and distribute such modified code, provided that the entire derivative work thereby created by such modification is licensed as a whole under the terms of the GPL itself. Other open source licenses employ similar copyleft-like restrictions, such as the Mozilla Public License (MPL), used for the Firefox browser project.
Characterization of these obligations as either independent covenants or conditions on the scope of the license has significant remedies implications. Violation of conditions to the license rights (that is, exceeding the scope of the license) is tantamount to copyright infringement. As such, violation of license conditions gives rise to copyright infringement remedies, including injunctive relief, aided by the presumption of irreparable harm if the plaintiff is likely to succeed on the merits of the infringement claim. Violation of independent contractual covenants, on the other hand, generally does not give rise to injunctive relief, and permits merely compensation for direct economic loss. In the open source context, where software is licensed without charge, establishing economic loss is nigh impossible. The availability of injunctive relief is essentially the only meaningful remedy open source licensors have.
In Jacobsen v. Katzer, the US District Court for the Northern District of California ruled that defendant’s failure to comply with the attribution and notice obligations of the Artistic License, an open source license, amounted to a claim for breach of contract and not copyright infringement, materially limiting the remedies available to the licensor of the software at issue. Noting that the scope of the Artistic License was intentionally broad, the district court held in rather conclusory fashion that the notice and attribution requirements were not conditions to the license grant itself, and did not limit the scope of that license.
In so ruling, the district court seemed to ignore the portion of the Artistic License dealing with the right to modify the licensed code, in which the notice obligations are stated in conditional fashion: "You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file …." The "provided" modifier clearly appears to be a conditional obligation to the right to modify. Further, the preamble in the Artistic License expressly states that the "intent of this document is to state the conditions under which [the licensed code] may be copied …"
The Jacobsen lower court ruling cast considerable doubt on whether the GPL's copyleft requirement is a limitation on or a condition of the license. The GPL's copyleft requirement, mandating that derivative works of that code be licensed under GPL in source code form, is expressed in a way substantially similar to the notice requirement in the Artistic License at issue in the Jacobsen case. It's not clear whether this requirement would be construed as a license condition under the reasoning employed by the Jacobsen district court. If not, the copyleft requirement of GPL would become practically unenforceable.
As the GPL is the most popular and strongest copyleft license in existence today – the flagship of the free software movement – the impact of the lower court’s reasoning would have been serious, if permitted to stand. In the words of Mark Radcliffe, General Counsel of the Open Source Initiative, "The appeal of the Jacobsen case has the potential for disaster for open source licensors: if the [Court of Appeals] decides the issue incorrectly and uses sweeping language …, open source licensors will be in a considerably weaker position in pursuing licensees who are in breach.”
Fortunately for the free software movement, the US Court of Appeals for the Federal Circuit repudiated the district court’s reasoning and left intact copyright remedies for breach of notice and attribution requirements and, by logical extension, copyleft obligations as well. In so ruling, the appellate court accorded considerable recognition, if not endorsement, of the objectives and beneficial aspects of the free software movement. (Jacobsen v. Katzer, 2008-1001, at 1 (Fed. Cir. August 13, 2008)).
Phrasing the issue for consideration as determining “the ability of a copyright holder to dedicate certain work to free public use and yet enforce an ‘open source’ copyright license to control the future distribution and modification of that work”, the court began its analysis by describing the “creative collaboration” represented by open source licensing, and by extolling the virtues of such collaborative efforts. “Open source licensing has become a widely used method of creative collaboration that serves to advance the arts and sciences in a manner and at a pace that few could have imagined just a few decades ago.”
The Federal Circuit then explained how the notice and attribution conditions of open source licenses are an integral component of open source licensing:
"Through [open source] collaboration, software programs can often be written and debugged faster and at a lower cost than if the copyright holder were required to do all of the work independently. In exchange and in consideration for this collaborative work, the copyright holder permits users to copy, modify, and distribute the software code subject to conditions that serve to protect downstream users and to keep the code accessible. By requiring that users copy and restate the license and attribution information, a copyright holder can ensure that recipients of the redistributed computer code know the identity of the owner as well as the scope of the license granted by the original owner."
Defendant had argued in the lower court that because plaintiff had made his code available under a broad non-exclusive license to the public at large, the defendant had essentially foreclosed the ability to recover any copyright infringement remedy notwithstanding the presence of obligations connected with the exercise of the rights in the Artistic License. The appellate court observed that defendant’s argument was premised on the notion that the plaintiff’s copyrights in the code licensed under the Artistic License “gave him no economic rights because he made his computer code available to the public at no charge.” Yet, economic rights go beyond royalties, the court stated. In comparing the open source model with traditional copyright business models calling for payment of royalties in exchange for licenses, the court emphasized the “substantial benefits, including economic benefits, to the creation and distribution of copyrighted works under public licenses that range far beyond traditional license royalties”, including increased market share, reputational benefits, and rapid product development and improvement.
Turning to analysis of the language of the Artistic License, the Federal Circuit rejected the district court’s interpretation, calling out the “provided that” phrasing as a typical means of expressing conditional obligations, and observing that the license expressly labels the obligations of the license as “conditions under which” the licensed code may be copied. Most significantly, the appellate court demonstrated its understanding of the issues at stake, and the importance of preserving injunctive relief for violation of open source license requirements, by the following passage in the court’s opinion:
"Copyright holders who engage in open source licensing have the right to control the modification and distribution of copyrighted material. … Copyright licenses are designed to support the right to exclude; money damages alone do not support or enforce that right. The choice to exact consideration in the form of compliance with the open source requirements of disclosure and explanation of changes, rather than a dollar-denominated fee, is entitled to no less legal recognition. Indeed, because a calculation of damages is inherently speculative, these types of license restrictions might well be rendered meaningless absent the ability to enforce through injunctive relief."
Section 2 of GPL states that “You may modify your copy of the Program or any portion of it, thus forming a work based on the Program, provided that ... you must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program … to be licensed as a whole at no charge to all third parties under the terms of this License.” This same phrasing is contained in the Artistic License. By upholding such language as conditional, and by explicitly recognizing the objectives and virtues of open source collaboration, the Federal Circuit largely eliminated any possibility that the GPL’s copyleft obligation would ever be characterized as a mere contractual covenant. As such, the court’s decision represents a substantial victory for the free software movement.
Characterization of these obligations as either independent covenants or conditions on the scope of the license has significant remedies implications. Violation of conditions to the license rights (that is, exceeding the scope of the license) is tantamount to copyright infringement. As such, violation of license conditions gives rise to copyright infringement remedies, including injunctive relief, aided by the presumption of irreparable harm if the plaintiff is likely to succeed on the merits of the infringement claim. Violation of independent contractual covenants, on the other hand, generally does not give rise to injunctive relief, and permits merely compensation for direct economic loss. In the open source context, where software is licensed without charge, establishing economic loss is nigh impossible. The availability of injunctive relief is essentially the only meaningful remedy open source licensors have.
In Jacobsen v. Katzer, the US District Court for the Northern District of California ruled that defendant’s failure to comply with the attribution and notice obligations of the Artistic License, an open source license, amounted to a claim for breach of contract and not copyright infringement, materially limiting the remedies available to the licensor of the software at issue. Noting that the scope of the Artistic License was intentionally broad, the district court held in rather conclusory fashion that the notice and attribution requirements were not conditions to the license grant itself, and did not limit the scope of that license.
In so ruling, the district court seemed to ignore the portion of the Artistic License dealing with the right to modify the licensed code, in which the notice obligations are stated in conditional fashion: "You may otherwise modify your copy of this Package in any way, provided that you insert a prominent notice in each changed file …." The "provided" modifier clearly appears to be a conditional obligation to the right to modify. Further, the preamble in the Artistic License expressly states that the "intent of this document is to state the conditions under which [the licensed code] may be copied …"
The Jacobsen lower court ruling cast considerable doubt on whether the GPL's copyleft requirement is a limitation on or a condition of the license. The GPL's copyleft requirement, mandating that derivative works of that code be licensed under GPL in source code form, is expressed in a way substantially similar to the notice requirement in the Artistic License at issue in the Jacobsen case. It's not clear whether this requirement would be construed as a license condition under the reasoning employed by the Jacobsen district court. If not, the copyleft requirement of GPL would become practically unenforceable.
As the GPL is the most popular and strongest copyleft license in existence today – the flagship of the free software movement – the impact of the lower court’s reasoning would have been serious, if permitted to stand. In the words of Mark Radcliffe, General Counsel of the Open Source Initiative, "The appeal of the Jacobsen case has the potential for disaster for open source licensors: if the [Court of Appeals] decides the issue incorrectly and uses sweeping language …, open source licensors will be in a considerably weaker position in pursuing licensees who are in breach.”
Fortunately for the free software movement, the US Court of Appeals for the Federal Circuit repudiated the district court’s reasoning and left intact copyright remedies for breach of notice and attribution requirements and, by logical extension, copyleft obligations as well. In so ruling, the appellate court accorded considerable recognition, if not endorsement, of the objectives and beneficial aspects of the free software movement. (Jacobsen v. Katzer, 2008-1001, at 1 (Fed. Cir. August 13, 2008)).
Phrasing the issue for consideration as determining “the ability of a copyright holder to dedicate certain work to free public use and yet enforce an ‘open source’ copyright license to control the future distribution and modification of that work”, the court began its analysis by describing the “creative collaboration” represented by open source licensing, and by extolling the virtues of such collaborative efforts. “Open source licensing has become a widely used method of creative collaboration that serves to advance the arts and sciences in a manner and at a pace that few could have imagined just a few decades ago.”
The Federal Circuit then explained how the notice and attribution conditions of open source licenses are an integral component of open source licensing:
"Through [open source] collaboration, software programs can often be written and debugged faster and at a lower cost than if the copyright holder were required to do all of the work independently. In exchange and in consideration for this collaborative work, the copyright holder permits users to copy, modify, and distribute the software code subject to conditions that serve to protect downstream users and to keep the code accessible. By requiring that users copy and restate the license and attribution information, a copyright holder can ensure that recipients of the redistributed computer code know the identity of the owner as well as the scope of the license granted by the original owner."
Defendant had argued in the lower court that because plaintiff had made his code available under a broad non-exclusive license to the public at large, the defendant had essentially foreclosed the ability to recover any copyright infringement remedy notwithstanding the presence of obligations connected with the exercise of the rights in the Artistic License. The appellate court observed that defendant’s argument was premised on the notion that the plaintiff’s copyrights in the code licensed under the Artistic License “gave him no economic rights because he made his computer code available to the public at no charge.” Yet, economic rights go beyond royalties, the court stated. In comparing the open source model with traditional copyright business models calling for payment of royalties in exchange for licenses, the court emphasized the “substantial benefits, including economic benefits, to the creation and distribution of copyrighted works under public licenses that range far beyond traditional license royalties”, including increased market share, reputational benefits, and rapid product development and improvement.
Turning to analysis of the language of the Artistic License, the Federal Circuit rejected the district court’s interpretation, calling out the “provided that” phrasing as a typical means of expressing conditional obligations, and observing that the license expressly labels the obligations of the license as “conditions under which” the licensed code may be copied. Most significantly, the appellate court demonstrated its understanding of the issues at stake, and the importance of preserving injunctive relief for violation of open source license requirements, by the following passage in the court’s opinion:
"Copyright holders who engage in open source licensing have the right to control the modification and distribution of copyrighted material. … Copyright licenses are designed to support the right to exclude; money damages alone do not support or enforce that right. The choice to exact consideration in the form of compliance with the open source requirements of disclosure and explanation of changes, rather than a dollar-denominated fee, is entitled to no less legal recognition. Indeed, because a calculation of damages is inherently speculative, these types of license restrictions might well be rendered meaningless absent the ability to enforce through injunctive relief."
Section 2 of GPL states that “You may modify your copy of the Program or any portion of it, thus forming a work based on the Program, provided that ... you must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program … to be licensed as a whole at no charge to all third parties under the terms of this License.” This same phrasing is contained in the Artistic License. By upholding such language as conditional, and by explicitly recognizing the objectives and virtues of open source collaboration, the Federal Circuit largely eliminated any possibility that the GPL’s copyleft obligation would ever be characterized as a mere contractual covenant. As such, the court’s decision represents a substantial victory for the free software movement.
Refusal to Honor Licensing Commitments in Standards Setting Forums Can Be Anticompetitive
Many standards-setting organizations (SSOs) require participants to disclose patents that might be technically essential to implementing the standard being formulated, and some go further and require that participants agree to license those patents on fair, reasonable and non-discriminatory terms. The US Federal Trade Commission (FTC) earlier this year issued a decision stating that a patent holder's refusal to honor licensing commitments made in a standards setting organization constitutes an unfair method of competition, despite the fact that the patent holder lacked market power in the relevant market. The decision was reached in connection with a settlement decree with Negotiated Data Solutions LLC (N-Data).
N-Data licenses patents it acquired from National Semiconductor Corporation. N-Data's patented technology enables an Ethernet device to detect and optimize local-area network communication with any other vendor's device automatically. In 1994, the Institute of Electrical and Electronics Engineers (IEEE) adopted the IEEE 802.3 Ethernet standard. National Semiconductor was a member of the IEEE at the time, and during the formation of the standard, National disclosed that it had filed for patent protection for certain technology that could be adopted in this new standard, and offered to license such patents, should the patented invention become part of that standard, for a one-time flat fee of $1,000 for each company adopting the standard. Based on these assurances, the IEEE adopted National's technology as part of the Fast Ethernet standard.
Subsequently, N-Data "threatened to raise prices for an entire industry" by charging vendors fees in excess of the promised $1,000 one-time fee after they committed themselves to the standard, the FTC said. (Actually a predecessor to the patents at issue, Vertical Networks, began the practice, but it was continued by N-Data after the former assigned the patents to N-Data.) The FTC concluded that this ex ante "hold up" behavior constitutes an unfair business practice "likely to cause substantial injury to consumers" because IEEE members "had no way to anticipate repudiation of the price commitment". A major concern motivating the FTC was that pro-competitive standards setting efforts would be undermined if commitments by SSO members could be ignored once the patents are transferred to another company. Because later patent assignees are not in contractual privity with the standards-setting body or its members, the FTC was concerned that contract remedies would prove ineffective.
The lessons of this decision are clear for companies participating in standards setting organizations. Participants need to ensure that any offers to license technology implicated by the standard contain sufficient built-in flexibility in the event market or economic conditions warrant an adjustment to the proffered terms. And, for companies acquiring patents implicated in a standard, such companies need to perform due diligence to determine whether and to what extent the terms offered to SSO members in the past can be adjusted.
N-Data licenses patents it acquired from National Semiconductor Corporation. N-Data's patented technology enables an Ethernet device to detect and optimize local-area network communication with any other vendor's device automatically. In 1994, the Institute of Electrical and Electronics Engineers (IEEE) adopted the IEEE 802.3 Ethernet standard. National Semiconductor was a member of the IEEE at the time, and during the formation of the standard, National disclosed that it had filed for patent protection for certain technology that could be adopted in this new standard, and offered to license such patents, should the patented invention become part of that standard, for a one-time flat fee of $1,000 for each company adopting the standard. Based on these assurances, the IEEE adopted National's technology as part of the Fast Ethernet standard.
Subsequently, N-Data "threatened to raise prices for an entire industry" by charging vendors fees in excess of the promised $1,000 one-time fee after they committed themselves to the standard, the FTC said. (Actually a predecessor to the patents at issue, Vertical Networks, began the practice, but it was continued by N-Data after the former assigned the patents to N-Data.) The FTC concluded that this ex ante "hold up" behavior constitutes an unfair business practice "likely to cause substantial injury to consumers" because IEEE members "had no way to anticipate repudiation of the price commitment". A major concern motivating the FTC was that pro-competitive standards setting efforts would be undermined if commitments by SSO members could be ignored once the patents are transferred to another company. Because later patent assignees are not in contractual privity with the standards-setting body or its members, the FTC was concerned that contract remedies would prove ineffective.
The lessons of this decision are clear for companies participating in standards setting organizations. Participants need to ensure that any offers to license technology implicated by the standard contain sufficient built-in flexibility in the event market or economic conditions warrant an adjustment to the proffered terms. And, for companies acquiring patents implicated in a standard, such companies need to perform due diligence to determine whether and to what extent the terms offered to SSO members in the past can be adjusted.
Make Sure Your Arbitration Clause Covers IP Disputes
Mandatory arbitration clauses in licensing agreements as the exclusive means of resolving licensor-licensee disputes are becoming more common. Typically such clauses are phrased in terms of requiring "any controversy or claim arising out of or relating to this contract, or breach thereof" to be settled by binding arbitration. A recent US Court of Appeals decision has revealed that this language can in certain situations be insufficient to bring into the arbitration obligation's scope intellectual property-related disputes that may arise between the parties. NCR Corporation v. Korala Associates, LTD. (6th Cir. 2008) (holding that resolution of plaintiff's copyright infringement claim was not dependent on reference to or interpretation of the license agreement, and therefore such claim is not arbitrable under an arbitration clause requiring arbitration of "any controversy or claim arising out of or related to this contract").
From the licensor's perspective, expressly capturing intellectual property disputes in the operative license agreement has some inherent advantages. First, because arbitration as a general matter only affects the immediate parties to the dispute, an arbitrator's intellectual property invalidity ruling would only apply as between the parties, and would not serve to invalidate the licensor's intellectual property generally or render it unenforceable as against all other parties. This is, at least, the rule in the US, UK and Germany. (It's worth noting however, that some jurisdictions, such as Japan, France, Italy and Spain, permit parties to arbitrate issues of infringement but not to arbitrate the validity of registrations; and Switzerland goes in the complete opposite direction and enforces arbitral rulings invalidating patents, trademarks and designs, as a general matter.) Second, arbitration enables the parties to select a subject-matter expert with relevant experience and knowledge of not only the technology at issue but also the operative rules of law of the controlling jurisdiction, thus potentially enhancing the quality of the final decision and reducing or eliminating the need to retain experts. Third, arbitration proceedings can usually be conducted under strict obligations of confidentiality. The licensor may have a strong interest in avoiding the negative publicity that could be engendered by a noisy and protracted court case with one of the licensor's customers. Trade secrets and other confidential or sensitive matters can be more readily protected from disclosure in an arbitration as opposed to a court case, where all documents and proceedings are required to be open and publicly available (absent a court-issued protective order, which requires time and resources to secure). Finally, there is the 1959 New York Convention, a treaty, ratified by over 140 countries, providing for the recognition and enforcement of foreign arbitral awards. No similar treaty or convention providing for similar recognition of foreign court judgments exists, and the US, importantly, is not a party to any such convention or treaty for foreign judgments.
In order ensure the arbitrability of intellectual property disputes and avoid the result of the Korala Associates decision, licensors should consider language along the lines of the following (with capitalized terms referring to specially defined terms in the license agreement):
"Any controversy, claim or dispute between the parties arising out of or relating to this Agreement, the Licensed Technology, Support Services, or Intellectual Property Rights, including controversies, claims or disputes involving the validity or infringement of Intellectual Property Rights, shall be resolved by binding arbitration conducted in accordance with the rules of the World Intellectual Property Organization's Arbitration Rules …."
Also, licensors should make sure they preserve the ability to pursue injunctive relief at any time in any court of competent jurisdiction, in order to have the right, notwithstanding the obligation to arbitrate disputes, to seek an emergency order preventing incipient or ongoing acts of infringement.
From the licensor's perspective, expressly capturing intellectual property disputes in the operative license agreement has some inherent advantages. First, because arbitration as a general matter only affects the immediate parties to the dispute, an arbitrator's intellectual property invalidity ruling would only apply as between the parties, and would not serve to invalidate the licensor's intellectual property generally or render it unenforceable as against all other parties. This is, at least, the rule in the US, UK and Germany. (It's worth noting however, that some jurisdictions, such as Japan, France, Italy and Spain, permit parties to arbitrate issues of infringement but not to arbitrate the validity of registrations; and Switzerland goes in the complete opposite direction and enforces arbitral rulings invalidating patents, trademarks and designs, as a general matter.) Second, arbitration enables the parties to select a subject-matter expert with relevant experience and knowledge of not only the technology at issue but also the operative rules of law of the controlling jurisdiction, thus potentially enhancing the quality of the final decision and reducing or eliminating the need to retain experts. Third, arbitration proceedings can usually be conducted under strict obligations of confidentiality. The licensor may have a strong interest in avoiding the negative publicity that could be engendered by a noisy and protracted court case with one of the licensor's customers. Trade secrets and other confidential or sensitive matters can be more readily protected from disclosure in an arbitration as opposed to a court case, where all documents and proceedings are required to be open and publicly available (absent a court-issued protective order, which requires time and resources to secure). Finally, there is the 1959 New York Convention, a treaty, ratified by over 140 countries, providing for the recognition and enforcement of foreign arbitral awards. No similar treaty or convention providing for similar recognition of foreign court judgments exists, and the US, importantly, is not a party to any such convention or treaty for foreign judgments.
In order ensure the arbitrability of intellectual property disputes and avoid the result of the Korala Associates decision, licensors should consider language along the lines of the following (with capitalized terms referring to specially defined terms in the license agreement):
"Any controversy, claim or dispute between the parties arising out of or relating to this Agreement, the Licensed Technology, Support Services, or Intellectual Property Rights, including controversies, claims or disputes involving the validity or infringement of Intellectual Property Rights, shall be resolved by binding arbitration conducted in accordance with the rules of the World Intellectual Property Organization's Arbitration Rules …."
Also, licensors should make sure they preserve the ability to pursue injunctive relief at any time in any court of competent jurisdiction, in order to have the right, notwithstanding the obligation to arbitrate disputes, to seek an emergency order preventing incipient or ongoing acts of infringement.
The London Agreement is Now in Effect, Reducing Patent Prosecution Costs in Europe
The London Agreement is a treaty under which the signatory countries agree to waive, for the most part, the requirement that patents be translated into the national language of each European Patent Convention country. Previously, when a patent application was granted by the European Patent Office (the EPO has always permitted patent filings and correspondence to be carried out in either English, German or French), most European Patent Convention member states required the filing of a complete translation of the patent specification into the national language of that state in order for the patent to take effect there. Consequently, translation costs accounted for as much as forty percent of the total cost of securing European patent rights.
Last October, the French Parliament finally ratified the London Agreement after initially refusing to do so. The London Agreement consequently went into force on May 1, 2008 and applies to patent applications granted after that date. Post-grant translation requirements have been relaxed considerably, and the advantage is maximized when the original filing was conducted in English. Further details may be gleaned at here.
Last October, the French Parliament finally ratified the London Agreement after initially refusing to do so. The London Agreement consequently went into force on May 1, 2008 and applies to patent applications granted after that date. Post-grant translation requirements have been relaxed considerably, and the advantage is maximized when the original filing was conducted in English. Further details may be gleaned at here.
Software Patenting in the UK Moves Closer to the Liberalised EU Approach
Article 52(2) of the European Patent Convention (reflected in section 1(2) of the UK Patents Act of 1977, as amended) includes in a list of unpatentable inventions "programs for computers … as such". The European Patent Office (EPO) has construed this exclusion to allow software to be patented if the operation of the program produces a further technical effect going beyond mere physical interactions between software and the computer.
In 2006, the UK Court of Appeal issued a pair of decisions, Aerotel Ltd. v. Telco Holdings and Re Macrossan's Application, that the UK Intellectual Property Office (UK-IPO) had construed as a blanket prohibition on any software-related patent claims. Before this time, the EPO and UK-IPO had taken similar positions on the issue of the patentability of software inventions; namely that software was patentable if the invention was capable of generating a technical effect beyond the normal physical effects which result from the running of the program. As a result of these decisions the UK-IPO refused to grant patents on any claims involving software, diverging markedly from the more liberalized approach taken by the EPO.
In February of 2008, a series of patent applications came up for appeal to the UK High Court in the decision of Astron Clinica and others v. Comptroller General of Patents and Trademarks. (Among the applications under consideration included one filed by SurfKitchen for mobile Internet services.) The court stated that the UK-IPO's blanket ban on software patents was incorrect, ruling that if the method or apparatus performed by running a computer program was patentable, then a claim to the program itself should be patentable as well. The court stated that the intention of the Aerotel/Macrossan rulings was not to announce an outright ban on software patents. In so ruling, the court paved the way for patenting of, for example, a method, implemented by a particular software algorithm, of generating bit masks for use with laser printers that results in higher quality images. The UK-IPO declined to appeal this ruling, and the UK-IPO changed its practices and released a practice note confirming adherence to the analytical framework stated in Aerotel/Macrossan as further clarified in Astron Clinica.
The Astron Clinica ruling thus brought the UK's software patent regime closer to that of the EU, although some commentators opined that even after this ruling, it nevertheless remains easier to obtain patent protection for software-implemented inventions in the UK if the applicant first obtains patent protection via the EPO. The EPO is willing to find the requisite "technical effect" in patent applications that purport to improve the functioning of a computer system, such as software that reduces the load on a processor or otherwise makes more efficient use of computing resources.
For example, Research in Motion (manufacturer of the Blackberry device) was successful, in February of this year, in convincing the UK High Court to invalidate a patent owned by Visto Corporation for a system and method for synchronizing email across a network. Invalidation was based in part on the determination of the High Court that the system described in the patent was for nothing more than a computer program "as such". The High Court had additionally found that the Visto patents lacked the requisite "inventive step", and so perhaps this deficiency also served to buttress the conclusion that the "technical effect", needed to save an invention from otherwise falling into the computer program exclusion, was missing.
The plot thickened considerably in March of this year with the decision of the UK High Court of Re Patent Application in the name of Symbian Limited. Symbian sought a patent on claims for a method of accessing data held in a dynamic link library (DLL) in a computing device, as well as to the device itself controlled by the method. In short, Symbian's invention changed the way a computer's operating system invokes DLLs in order to eliminate the possibility of errors resulting from changes in that DLL. The UK-IPO rejected the application, on the basis that the invention was comprised of nothing more than the operation of a computer program as such. However, the EPO had granted the patent to Symbian for the exact same invention. On appeal, the High Court overruled the UK-IPO, stating that it had too narrowly considered the invention's technical effect. The court questioned "why a program which has some novel technical effect on an important component in the computer's operating system should not qualify as doing more than merely operating as a computer program, notwithstanding its effect is to solve … a software problem affecting the functionality and reliability of the computer." The court additionally bemoaned the inconsistency between the UK-IPO's approach and that of the EPO. It appeared that the court wanted to bring the UK's approach to software patentability even closer to that of the EU.
After the Symbian ruling, the UK-IPO issued a press release announcing its intention to appeal the ruling, stating that the High Court did not apply the Aerotel/Macrossan test in the way intended by the Court of Appeal. This, in UK-IPO's view, has created uncertainty about how the Aerotel/Macrossan test should be applied for inventions of this type. The UK-IPO explained, "whilst it is possible to get patents in the UK for some inventions involving computer programs, it is not possible to get patents for innovations which are solely computer programs, such as an improved word processing program."
Software patents are more readily granted in the US, Japan and Australia.
In 2006, the UK Court of Appeal issued a pair of decisions, Aerotel Ltd. v. Telco Holdings and Re Macrossan's Application, that the UK Intellectual Property Office (UK-IPO) had construed as a blanket prohibition on any software-related patent claims. Before this time, the EPO and UK-IPO had taken similar positions on the issue of the patentability of software inventions; namely that software was patentable if the invention was capable of generating a technical effect beyond the normal physical effects which result from the running of the program. As a result of these decisions the UK-IPO refused to grant patents on any claims involving software, diverging markedly from the more liberalized approach taken by the EPO.
In February of 2008, a series of patent applications came up for appeal to the UK High Court in the decision of Astron Clinica and others v. Comptroller General of Patents and Trademarks. (Among the applications under consideration included one filed by SurfKitchen for mobile Internet services.) The court stated that the UK-IPO's blanket ban on software patents was incorrect, ruling that if the method or apparatus performed by running a computer program was patentable, then a claim to the program itself should be patentable as well. The court stated that the intention of the Aerotel/Macrossan rulings was not to announce an outright ban on software patents. In so ruling, the court paved the way for patenting of, for example, a method, implemented by a particular software algorithm, of generating bit masks for use with laser printers that results in higher quality images. The UK-IPO declined to appeal this ruling, and the UK-IPO changed its practices and released a practice note confirming adherence to the analytical framework stated in Aerotel/Macrossan as further clarified in Astron Clinica.
The Astron Clinica ruling thus brought the UK's software patent regime closer to that of the EU, although some commentators opined that even after this ruling, it nevertheless remains easier to obtain patent protection for software-implemented inventions in the UK if the applicant first obtains patent protection via the EPO. The EPO is willing to find the requisite "technical effect" in patent applications that purport to improve the functioning of a computer system, such as software that reduces the load on a processor or otherwise makes more efficient use of computing resources.
For example, Research in Motion (manufacturer of the Blackberry device) was successful, in February of this year, in convincing the UK High Court to invalidate a patent owned by Visto Corporation for a system and method for synchronizing email across a network. Invalidation was based in part on the determination of the High Court that the system described in the patent was for nothing more than a computer program "as such". The High Court had additionally found that the Visto patents lacked the requisite "inventive step", and so perhaps this deficiency also served to buttress the conclusion that the "technical effect", needed to save an invention from otherwise falling into the computer program exclusion, was missing.
The plot thickened considerably in March of this year with the decision of the UK High Court of Re Patent Application in the name of Symbian Limited. Symbian sought a patent on claims for a method of accessing data held in a dynamic link library (DLL) in a computing device, as well as to the device itself controlled by the method. In short, Symbian's invention changed the way a computer's operating system invokes DLLs in order to eliminate the possibility of errors resulting from changes in that DLL. The UK-IPO rejected the application, on the basis that the invention was comprised of nothing more than the operation of a computer program as such. However, the EPO had granted the patent to Symbian for the exact same invention. On appeal, the High Court overruled the UK-IPO, stating that it had too narrowly considered the invention's technical effect. The court questioned "why a program which has some novel technical effect on an important component in the computer's operating system should not qualify as doing more than merely operating as a computer program, notwithstanding its effect is to solve … a software problem affecting the functionality and reliability of the computer." The court additionally bemoaned the inconsistency between the UK-IPO's approach and that of the EPO. It appeared that the court wanted to bring the UK's approach to software patentability even closer to that of the EU.
After the Symbian ruling, the UK-IPO issued a press release announcing its intention to appeal the ruling, stating that the High Court did not apply the Aerotel/Macrossan test in the way intended by the Court of Appeal. This, in UK-IPO's view, has created uncertainty about how the Aerotel/Macrossan test should be applied for inventions of this type. The UK-IPO explained, "whilst it is possible to get patents in the UK for some inventions involving computer programs, it is not possible to get patents for innovations which are solely computer programs, such as an improved word processing program."
Software patents are more readily granted in the US, Japan and Australia.
14 October 2008
Could the MedImmune Decision Justify Microsoft's Refusal to Specifically List its Patents Believed to be Infringed by Linux?
Microsoft has in the past claimed that various open source software infringes no fewer than 235 patents Microsoft owns, including 42 patents Microsoft claims are infringed by the Linux kernel; 65 that are allegedly infringed by various Linux graphical user interface solutions; and 45 by the Open Office suite of productivity software. (See "Microsoft Takes on the Free World"). Microsoft has, moreover, steadfastly refused to specify in detail which patents are exactly infringed by which software technologies, drawing the ire of open source software proponents who claim that Microsoft is simply spreading fear, uncertainty and doubt (FUD) among businesses who would otherwise consider using free open source software solutions in lieu of Microsoft's proprietary packages like Windows and Office. (See, e.g., "Microsoft's Claims About Linux Patent Infringement Are Old News And Old FUD").
The United States Supreme Court may have provided Microsoft with a facially neutral justification for its behavior with the decision of MedImmune, Inc. v. Genentech, Inc. (US S. Ct. 2007). In that case, the Supreme Court held that a licensee under a patent license need not breach or terminate the license in order to challenge the licensed patent's enforceability or infringement in court. Prior to this decision, US law had specified that a licensee could not enjoy the benefits of a patent license while at the same time seek to invalidiate the patents at issue or seek a ruling that its products are not infringing such patents.
In so ruling, the Court rejected the "reasonable apprehension from suit" test which lower US courts had consistently applied as a threshold test for determining whether a party can seek a declaration from a court of patent invalidity or noninfringement. Under US law prior to the MedImmune decision, securing non-infringement or invalidity declarations concerning patents owned by a party who is not currently threatening legal infringement actions was not easy. Parties had to show that the patent owner's actions created a "reasonable apprehension" of an "imminent" lawsuit before a court would entertain such actions.
MedImmune changed this requirement, and in so doing, radically altered the balance of negotiating leverage between patent owners and existing or potential patent licensees. Patent owners who seek to secure royalty-bearing patent licenses now must be even more careful to approach a potential licensee in a non-threatening, non-adversarial way, so as to avoid setting up conditions conducive to a patent invalidity/noninfringement declaratory lawsuit brought by the potential licensee. Subsequent lower US court decisions following MedImmune are illustrative.
In SanDisk Corp. v. STMicroelectronics, Inc. (Fed. Cir. 2007), STMicroelectronics initiated contact with SanDisk, explaining that STMicro has certain flash memory-related patents of which SanDisk may "have an interest", and inviting SanDisk to enter into licensing negotiations. STMicro revealed in detail all of the patents it claimed read on SanDisk's products. Many weeks of what SanDisk's Chief IP Counsel described as "friendly discussions" culminated in a confidential written patent license offer from STMicro to SanDisk. SanDisk responded by filing a lawsuit in federal court seeking a declaration that SanDisk is not infringing STMicro's patents and/or that such patents are invalid. The district court dismissed SanDisk's lawsuit, noting that at no time did STMicro ever threaten SanDisk with patent infringement litigation. On appeal, the Federal Circuit reversed the dismissal order based on the Supreme Court's MedImmune decision, holding that where a patentee asserts rights under a patent based on certain identified ongoing or planned activity of another party, and where that party contends that it has the right to engage in the accused activity without license, the party need not risk a suit for infringement by engaging in the identified activity before seeking a declaration of its legal rights.
These cases can be used to explain Microsoft's refusal to specify the patents it claims are infringed. Any concrete licensing discussions concerning specific patents could expose Microsoft to numerous declaratory judgment lawsuits of the SanDisk kind, in multiple courts throughout the United States. Microsoft is no doubt treading lightly so as to avoid inviting a multiplicity of such lawsuits.
In fact, the MedImmune and follow-on decisions should cause any party licensing patents, either standalone or associated with software or other technologies, to take care to minimize the threat or effect of declaratory judgments from its licensees or potential customers. Some suggestions in this regard include:
- in license agreements, the licensor should seek provisions which allow the licensor to terminate the agreement in the event that the licensee initiates litigation challenging the validity of the patents at issue (so that the licensee cannot enjoy the benefits of the license while the licensee is at the same time challenging the patents being licensed under it);
- licensors should specify a choice of forum and law where all challenge suits must be brought (so that if a declaration suit is brought, the licensor can at least litigate that claim in a forum of its choice);
- licensors should seek contractual admissions under which the licensee admits the validity and/or its infringement of the patents at issue (a court may disregard such admissions but they may nevertheless have some evidentiary value);
- in pre-license negotiations, the licensor should seek to have the potential licensee sign a confidentiality agreement that would prevent the licensee from using pre-license discussions as a basis for a declaration lawsuit (an approach the SanDisk court itself suggests); and
- pre-license discussions should be postured in as non-adversarial and as non-threating way as much as possible, emphasizing the "complete solution", "added value" and "complete security" the patent package offers to the potential customer – ie, perhaps something like the current Microsoft approach to Linux customers.
The United States Supreme Court may have provided Microsoft with a facially neutral justification for its behavior with the decision of MedImmune, Inc. v. Genentech, Inc. (US S. Ct. 2007). In that case, the Supreme Court held that a licensee under a patent license need not breach or terminate the license in order to challenge the licensed patent's enforceability or infringement in court. Prior to this decision, US law had specified that a licensee could not enjoy the benefits of a patent license while at the same time seek to invalidiate the patents at issue or seek a ruling that its products are not infringing such patents.
In so ruling, the Court rejected the "reasonable apprehension from suit" test which lower US courts had consistently applied as a threshold test for determining whether a party can seek a declaration from a court of patent invalidity or noninfringement. Under US law prior to the MedImmune decision, securing non-infringement or invalidity declarations concerning patents owned by a party who is not currently threatening legal infringement actions was not easy. Parties had to show that the patent owner's actions created a "reasonable apprehension" of an "imminent" lawsuit before a court would entertain such actions.
MedImmune changed this requirement, and in so doing, radically altered the balance of negotiating leverage between patent owners and existing or potential patent licensees. Patent owners who seek to secure royalty-bearing patent licenses now must be even more careful to approach a potential licensee in a non-threatening, non-adversarial way, so as to avoid setting up conditions conducive to a patent invalidity/noninfringement declaratory lawsuit brought by the potential licensee. Subsequent lower US court decisions following MedImmune are illustrative.
In SanDisk Corp. v. STMicroelectronics, Inc. (Fed. Cir. 2007), STMicroelectronics initiated contact with SanDisk, explaining that STMicro has certain flash memory-related patents of which SanDisk may "have an interest", and inviting SanDisk to enter into licensing negotiations. STMicro revealed in detail all of the patents it claimed read on SanDisk's products. Many weeks of what SanDisk's Chief IP Counsel described as "friendly discussions" culminated in a confidential written patent license offer from STMicro to SanDisk. SanDisk responded by filing a lawsuit in federal court seeking a declaration that SanDisk is not infringing STMicro's patents and/or that such patents are invalid. The district court dismissed SanDisk's lawsuit, noting that at no time did STMicro ever threaten SanDisk with patent infringement litigation. On appeal, the Federal Circuit reversed the dismissal order based on the Supreme Court's MedImmune decision, holding that where a patentee asserts rights under a patent based on certain identified ongoing or planned activity of another party, and where that party contends that it has the right to engage in the accused activity without license, the party need not risk a suit for infringement by engaging in the identified activity before seeking a declaration of its legal rights.
These cases can be used to explain Microsoft's refusal to specify the patents it claims are infringed. Any concrete licensing discussions concerning specific patents could expose Microsoft to numerous declaratory judgment lawsuits of the SanDisk kind, in multiple courts throughout the United States. Microsoft is no doubt treading lightly so as to avoid inviting a multiplicity of such lawsuits.
In fact, the MedImmune and follow-on decisions should cause any party licensing patents, either standalone or associated with software or other technologies, to take care to minimize the threat or effect of declaratory judgments from its licensees or potential customers. Some suggestions in this regard include:
- in license agreements, the licensor should seek provisions which allow the licensor to terminate the agreement in the event that the licensee initiates litigation challenging the validity of the patents at issue (so that the licensee cannot enjoy the benefits of the license while the licensee is at the same time challenging the patents being licensed under it);
- licensors should specify a choice of forum and law where all challenge suits must be brought (so that if a declaration suit is brought, the licensor can at least litigate that claim in a forum of its choice);
- licensors should seek contractual admissions under which the licensee admits the validity and/or its infringement of the patents at issue (a court may disregard such admissions but they may nevertheless have some evidentiary value);
- in pre-license negotiations, the licensor should seek to have the potential licensee sign a confidentiality agreement that would prevent the licensee from using pre-license discussions as a basis for a declaration lawsuit (an approach the SanDisk court itself suggests); and
- pre-license discussions should be postured in as non-adversarial and as non-threating way as much as possible, emphasizing the "complete solution", "added value" and "complete security" the patent package offers to the potential customer – ie, perhaps something like the current Microsoft approach to Linux customers.
What Happens if the IP Asset You've Licensed is Transferred to a Third Party?
It is not uncommon for a company licensing in technology to spend much time and legal resources on ensuring that the licensor of that technology cannot assign or transfer the operative license agreement to a third party without the licensee's knowledge and consent. However, less common is attention to the risk of a licensor transferring the actual intellectual property that is the subject of the license in question. This situation arose in a recent US Court of Appeals decision within the US Federal Circuit, the courts responsible for patent appeals. The decision is Datatreasury Corp. v. Wells Fargo & Co., et al.
In that case, Wells Fargo Services Corp. entered into a 2004 patent license agreement with WMR e-Pin LLC related to net banking settlement services. The agreement was expressly binding on successors and assignees, and prohibited assignment of the agreement without the prior written consent of the non-assigning party. The license agreement also contained a mandatory binding arbitration clause.
In 2006, WMR assigned the patents at issue to Datatreasury Corp. Soon afterwards, Datatreasury filed suit against Wells Fargo, accusing the bank of infringing the patents previously licensed to Wells Fargo. Wells Fargo moved to compel arbitration, based on the binding arbitration clause in the license agreement covering the transferred patents. Wells Fargo argued that Datatreasury is bound by the arbitration clause, notwithstanding that it was not a party to that license agreement and never contractually agreed to be bound to arbitrate disputes with Wells Fargo, because, the argument went, the arbitration obligation "runs with the patent" at issue. The bank relied on cases standing for the proposition that because the owner of a patent cannot transfer an interest greater than that which it possesses, an assignee takes a patent subject to the legal encumbrances associated with it.
The Federal Circuit affirmed the district court's denial of the motion. The court distinguished the cases upon which Wells Fargo relied, concluding that "the legal encumbrances deemed to 'run with the patent' in these cases involved the right to use the patented product, not a duty to arbitrate." The court made a distinction between terms of an agreement relating to use of the patented product, and other ancillary terms of an agreement. "[P]rocedural terms of a licensing agreement unrelated to the actual use of the patent" are not binding on a subsequent owner of the patent.
The question that arises now is what exactly is meant by "procedural" terms. Would infringement indemnification and warranties run with the intellectual property in question, such that transferees would be bound to honor those commitments, or would these be held to be non-binding on subsequent transferees of that intellectual property? The Datatreasury case instructs that licensees should, to the extent possible, attempt to deal with the risks engendered by the intellectual property owner transferring the intellectual property at issue to a stranger to the license agreement, by ensuring that the transferee is bound by the obligations of the license agreement.
In that case, Wells Fargo Services Corp. entered into a 2004 patent license agreement with WMR e-Pin LLC related to net banking settlement services. The agreement was expressly binding on successors and assignees, and prohibited assignment of the agreement without the prior written consent of the non-assigning party. The license agreement also contained a mandatory binding arbitration clause.
In 2006, WMR assigned the patents at issue to Datatreasury Corp. Soon afterwards, Datatreasury filed suit against Wells Fargo, accusing the bank of infringing the patents previously licensed to Wells Fargo. Wells Fargo moved to compel arbitration, based on the binding arbitration clause in the license agreement covering the transferred patents. Wells Fargo argued that Datatreasury is bound by the arbitration clause, notwithstanding that it was not a party to that license agreement and never contractually agreed to be bound to arbitrate disputes with Wells Fargo, because, the argument went, the arbitration obligation "runs with the patent" at issue. The bank relied on cases standing for the proposition that because the owner of a patent cannot transfer an interest greater than that which it possesses, an assignee takes a patent subject to the legal encumbrances associated with it.
The Federal Circuit affirmed the district court's denial of the motion. The court distinguished the cases upon which Wells Fargo relied, concluding that "the legal encumbrances deemed to 'run with the patent' in these cases involved the right to use the patented product, not a duty to arbitrate." The court made a distinction between terms of an agreement relating to use of the patented product, and other ancillary terms of an agreement. "[P]rocedural terms of a licensing agreement unrelated to the actual use of the patent" are not binding on a subsequent owner of the patent.
The question that arises now is what exactly is meant by "procedural" terms. Would infringement indemnification and warranties run with the intellectual property in question, such that transferees would be bound to honor those commitments, or would these be held to be non-binding on subsequent transferees of that intellectual property? The Datatreasury case instructs that licensees should, to the extent possible, attempt to deal with the risks engendered by the intellectual property owner transferring the intellectual property at issue to a stranger to the license agreement, by ensuring that the transferee is bound by the obligations of the license agreement.
27 August 2008
OSiM World, Berlin: September 17-18, 2008
I will give a presentation entitled, Key Legal Factors to Consider When Establishing Open Source Projects, and will participate as a panelist in, How Do You Choose the Right License?, at the Open Source in Mobile World Conference in Berlin on September 17-18, 2008. Discounts of 25% off of program fees are available through me; please contact me at sean@hovilaw.com if you are interested in attending.
Are You Ready for an IPR Audit?
Consider the following hypothetical (the names contained in which are entirely fictional):
Arthur Jones, Worldwide VP of Sales for eOS Corporation, a small start-up vendor of embedded operating systems, has worked hard for nearly six months to convince the world's largest manufacturer of microcontrollers, IMC, Inc., to adopt the company's flagship eOS product in all of IMC's high volume products. The commercial terms have been agreed upon and a letter of intent has been signed. The next step is to successfully complete IMC's supplier quality audit, required by IMC's procurement division. IMC's auditing engineers will visit eOS's development center in Bangladesh to observe the software development and QA processes and ensure IMC's stringent best practices are followed. As Arthur reviews the agenda for the upcoming audit, Arthur notices for the first time that IMC auditors will be inquiring as to eOS's "policies, procedures and processes for ensuring the integrity of the company's intellectual property, minimizing the risk of contamination and adverse third party legal claims, and maximizing the legal protection afforded to the company's products." Suffering a sudden attack of the sweats, Arthur phones his company's lawyer and asks him to "draft something up quick …!"
Software companies are frequently the subject of stringent supplier quality audits prior to being selected by their customers. Oftentimes software supplier selection criteria for major OEMs includes successful completion of an onsite inspection in which a team of software or process engineers inspect the supplier's software development and quality assurance processes, such as adherence to the software capability maturity model (CMM), extreme programming methodologies, ISO, or the like. Frequently suppliers are questioned as to their compliance with information security standards or practices, such as ISO 17799.
With increasing frequency, these companies are now demanding to include within these audits a review of the developer's internal intellectual property rights policies. Proliferation of infringement lawsuits, the ever-increasing costs associated with litigating or settling such claims, heightened prevalence of open source licensing regimes, and peer-to-peer distribution mechanisms, among other factors, have all contributed to a heightened awareness of and sensitivity to the legal risks associated with software development, and a concomitant heightened level of scrutiny for software suppliers.
Of particular importance are external source code intake policies, clean room development procedures, and technology use and confidentiality policies. It is now expected that software companies have well-documented and consistently applied policies which ensure adequate protection and optimal management of IP assets, insulate against the risks of contamination, particularly in the area of open source software, and impose discipline in the manner in which software engineers license in or introduce external code into the companies' products. These IPR reviews can oftentimes rise to level of scrutiny normally reserved for M&A due diligence.
Failure to have these policies and processes established, documented, and fully implemented early in a software company's growth cycle can prove to be a significant impediment to satisfying these quality audits, and could as a result foreclose significant business opportunities. OEMs would not look favorably upon a software company's reactive and post hoc establishment of such policies as a result of the OEM's auditing conditions.
Such policies should at a minimum consist of the following:
Arthur Jones, Worldwide VP of Sales for eOS Corporation, a small start-up vendor of embedded operating systems, has worked hard for nearly six months to convince the world's largest manufacturer of microcontrollers, IMC, Inc., to adopt the company's flagship eOS product in all of IMC's high volume products. The commercial terms have been agreed upon and a letter of intent has been signed. The next step is to successfully complete IMC's supplier quality audit, required by IMC's procurement division. IMC's auditing engineers will visit eOS's development center in Bangladesh to observe the software development and QA processes and ensure IMC's stringent best practices are followed. As Arthur reviews the agenda for the upcoming audit, Arthur notices for the first time that IMC auditors will be inquiring as to eOS's "policies, procedures and processes for ensuring the integrity of the company's intellectual property, minimizing the risk of contamination and adverse third party legal claims, and maximizing the legal protection afforded to the company's products." Suffering a sudden attack of the sweats, Arthur phones his company's lawyer and asks him to "draft something up quick …!"
Software companies are frequently the subject of stringent supplier quality audits prior to being selected by their customers. Oftentimes software supplier selection criteria for major OEMs includes successful completion of an onsite inspection in which a team of software or process engineers inspect the supplier's software development and quality assurance processes, such as adherence to the software capability maturity model (CMM), extreme programming methodologies, ISO, or the like. Frequently suppliers are questioned as to their compliance with information security standards or practices, such as ISO 17799.
With increasing frequency, these companies are now demanding to include within these audits a review of the developer's internal intellectual property rights policies. Proliferation of infringement lawsuits, the ever-increasing costs associated with litigating or settling such claims, heightened prevalence of open source licensing regimes, and peer-to-peer distribution mechanisms, among other factors, have all contributed to a heightened awareness of and sensitivity to the legal risks associated with software development, and a concomitant heightened level of scrutiny for software suppliers.
Of particular importance are external source code intake policies, clean room development procedures, and technology use and confidentiality policies. It is now expected that software companies have well-documented and consistently applied policies which ensure adequate protection and optimal management of IP assets, insulate against the risks of contamination, particularly in the area of open source software, and impose discipline in the manner in which software engineers license in or introduce external code into the companies' products. These IPR reviews can oftentimes rise to level of scrutiny normally reserved for M&A due diligence.
Failure to have these policies and processes established, documented, and fully implemented early in a software company's growth cycle can prove to be a significant impediment to satisfying these quality audits, and could as a result foreclose significant business opportunities. OEMs would not look favorably upon a software company's reactive and post hoc establishment of such policies as a result of the OEM's auditing conditions.
Such policies should at a minimum consist of the following:
- external source code introduction and management policy: procedures to avoid or minimize the risk of external source code being introduced into the software company's products without authorization or in violation of licensing terms, which include a process for legal review of licensing terms and inbound licensing "playbooks" or guidelines;
- clean room development procedures: a formalized and systematic process description, consisting of clear and precise rules regarding staff segregation, network management, access logs, management audits, etc.;
- technology use and confidentiality policies: best practices and rules regarding use of company technology and IP assets and protection of company confidential information and trade secrets; and
- IP asset management policies: systems for tracking, clearing, identifying and protecting the company's patent, trade secret and copyright assets.
Subscribe to:
Posts (Atom)